Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
  • S Storage
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 46
    • Issues 46
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Open Subsurface Data Universe SoftwareOpen Subsurface Data Universe Software
  • Platform
  • System
  • Storage
  • Merge requests
  • !482

Remove SNAPSHOT dependencies

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged David Diederich requested to merge remove-snapshot-dependencies into master Aug 16, 2022
  • Overview 1
  • Commits 1
  • Pipelines 1
  • Changes 1

This automated MR removes usage of SNAPSHOT versions in the first party library dependencies. Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.

Dependency Information Before the Upgrade

Branch: master
SHA:    b654752e9623984448bb6b9f99e5d290e8ba6cd0
Maven:  0.17.0-SNAPSHOT
Maven Dependencies Root provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/ testing/
core-lib-azure 0.16.0-rc5
core-lib-gcp 0.16.0-rc1
os-core-lib-aws 0.16.0-SNAPSHOT 0.14.0-rc2 0.14.0-rc2
obm 0.15.0
oqm 0.15.0
os-core-common 0.15.0 0.13.0 0.13.0
os-core-lib-ibm 0.16.0-rc1 0.13.0
osm 0.15.0
(3rd Party) com.fasterxml.jackson.core.jackson-databind 2.13.2.2 2.6.7.2 2.8.1, 2.13.2.2
(3rd Party) org.apache.logging.log4j.log4j-api 2.17.1 2.13.3 2.17.1
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.17.1 2.13.3 2.17.1
(3rd Party) org.springframework.spring-webflux 5.3.12
(3rd Party) org.springframework.spring-webmvc 5.3.22, 5.1.19.RELEASE 5.3.12 5.3.12
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│  ├─ org.opengroup.osdu.storage-byoc == 0.17.0-SNAPSHOT
│  │  └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│  │     └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│  └─ org.opengroup.osdu.storage-ibm == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│        └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
├─ provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/
│  └─ compliance.compliance == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
└─ testing/
├─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.13.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│        └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-aws == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.13.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│        └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-azure == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-gcp == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-ibm == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.13.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│        └─ org.springframework.spring-webmvc == 5.3.12
└─ org.opengroup.osdu.storage.storage-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.4.12
└─ org.springframework.spring-webmvc == 5.3.12
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.storage-azure == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12

Dependency Information After the Upgrade

Branch: remove-snapshot-dependencies
SHA:    ff7d288f4236b48872b6cdb9d92a50153d98fb61
Maven:  0.17.0-SNAPSHOT
Maven Dependencies Root provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/ testing/
core-lib-azure 0.16.0-rc5
core-lib-gcp 0.16.0-rc1
os-core-lib-aws 0.16.1 0.14.0-rc2 0.14.0-rc2
obm 0.15.0
oqm 0.15.0
os-core-common 0.15.0 0.13.0 0.13.0
os-core-lib-ibm 0.16.0-rc1 0.13.0
osm 0.15.0
(3rd Party) com.fasterxml.jackson.core.jackson-databind 2.13.2.2 2.6.7.2 2.8.1, 2.13.2.2
(3rd Party) org.apache.logging.log4j.log4j-api 2.17.1 2.13.3 2.17.1
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.17.1 2.13.3 2.17.1
(3rd Party) org.springframework.spring-webflux 5.3.12
(3rd Party) org.springframework.spring-webmvc 5.3.22, 5.1.19.RELEASE 5.3.12 5.3.12
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│  ├─ org.opengroup.osdu.storage-byoc == 0.17.0-SNAPSHOT
│  │  └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│  │     └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│  └─ org.opengroup.osdu.storage-ibm == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│        └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
├─ provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/
│  └─ compliance.compliance == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
└─ testing/
├─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.13.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│        └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-aws == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.13.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│        └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-azure == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-gcp == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-ibm == 0.17.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.13.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│        └─ org.springframework.spring-webmvc == 5.3.12
└─ org.opengroup.osdu.storage.storage-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.4.12
└─ org.springframework.spring-webmvc == 5.3.12
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.storage-azure == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: remove-snapshot-dependencies